在对 Amazon RDS for SQL Server 数据库实例执行本机备份和恢复时,如出现错误,我该如何解决?
我想解决在备份和恢复 Amazon Relational Database Service (Amazon RDS) for Microsoft SQL Server 数据库实例时发生的错误。
简短描述
要解决在对 Amazon RDS for SQL Server 数据库实例执行本机备份和恢复时发生的错误,请尝试以下方法:
- 增加数据库实例的存储空间。
- 向 AWS Identity and Access Management (IAM) 角色授予访问 SQLSERVER_BACKUP_RESTORE 选项的权限。
- 向选项组的 IAM 角色授予 AWS Key Management Service (AWS KMS) 权限。
- 授予配置 IAM 策略或存储桶策略的权限,以进行跨账户备份。
- 导入透明数据加密 (TDE) 证书。
- 指定正确的 Windows 驱动器号。
- 将备份文件的 MAXTRANSFERSIZE 值设置为大于您执行恢复操作时所使用的值。
- 减小备份文件大小,以便将文件传输到 Amazon Simple Storage Service (Amazon S3)。
解决方法
**注意:**如果您在运行 AWS 命令行界面 (AWS CLI) 命令时收到错误,请参阅排查 AWS CLI 错误。此外,请确保您使用的是最新版本的 AWS CLI。
增加数据库实例的存储空间
当您从 Amazon Elastic Compute Cloud (Amazon EC2) 或本地实例恢复备份时,数据库实例可能出现存储空间不足的情况。然后,Amazon RDS 会停止该任务。
日志输出示例:
[2022-04-07 05:21:22.317] Aborted the task because of a task failure or a concurrent RESTORE_DB request. [2022-04-07 05:21:22.437] Task has been aborted [2022-04-07 05:21:22.440] There is not enough space on the disk to perform restore database operation.
要解决此问题,您可以增加数据库实例的可用存储空间。或者,减小数据库实例中的事务日志文件大小。
增加可用存储空间
完成以下步骤:
- 在 EC2 或本地实例上运行以下查询,以检查数据库数据文件和事务日志文件的大小:
**注意:**请将 DB_NAME 替换为数据库的名称。SELECT DB_NAME(database_id) AS DatabaseName, Name AS Logical_Name, Physical_Name, (size*8)/1024/1024 AS SizeGB FROM sys.master_files WHERE DB_NAME(database_id) = 'DB_NAME' GO Database Size = (DB_Name size + DB_Name_Log size) - 将 EC2 或本地实例数据库的大小与数据库实例的可用存储空间进行比较。
- 增加数据库实例的可用存储空间,然后恢复数据库。
减小事务日志文件大小
完成以下步骤:
- 要减小 EC2 或本地实例中的当前事务日志文件大小,请运行以下命令:
**注意:**请将 FileName 替换为您的数据或事务日志文件的名称,并将 FileSizeMB 替换为目标文件大小(以兆字节为单位)。DBCC SHRINKFILE (FileName, FileSizeMB) - 备份数据库。
向 IAM 角色授予访问 SQLSERVER_BACKUP_RESTORE 选项的权限
如果与 SQLSERVER_BACKUP_RESTORE 选项关联的 IAM 角色的权限不足,Amazon RDS 会停止该任务。
日志输出示例:
[2020-12-15 08:56:22.143] Aborted the task because of a task failure or a concurrent RESTORE_DB request. [2020-12-15 08:56:22.213] Task has been aborted [2020-12-15 08:56:22.217] Access Denied
-或-
[2022-07-16 16:08:22.067] Task execution has started. [2022-07-16 16:08:22.143] Aborted the task because of a task failure or an overlap with your preferred backup window for RDS automated backup. [2022-07-16 16:08:22.147] Task has been aborted [2022-07-16 16:08:22.150] Access Denied
要解决此问题,请完成以下步骤:
-
运行以下命令,以验证恢复查询中的 S3 存储桶和文件夹前缀是否正确:
exec msdb.dbo.rds_restore_database @restore_db_name='database_name', @s3_arn_to_restore_from='arn:aws:s3:::bucket_name/file_name_and_extension'; -
将以下语句添加到 IAM 权限策略中:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::bucket_name" }, { "Effect": "Allow", "Action": [ "s3:GetObjectAttributes", "s3:GetObject", "s3:PutObject", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload" ], "Resource": "arn:aws:s3:::bucket_name/*" } ] }**注意:**在上述策略中,请将 arn:aws:s3:::bucket_name 替换为 S3 存储桶的 Amazon 资源名称 (ARN)。
-
将策略添加到与 SQLSERVER_BACKUP_RESTORE 选项关联的角色中。
-
验证 SQLSERVER_BACKUP_RESTORE 选项是否在与数据库实例关联的选项组中。
有关更多信息,请参阅如何将我的 SQL Server 数据库本机备份到 Amazon RDS 并从 Amazon S3 中恢复?
向选项组的 IAM 角色授予 AWS KMS 权限
RDS for SQL Server 本机备份和恢复功能支持在客户端加密和解密备份文件。如果与选项组关联的 IAM 角色策略缺少与 KMS 密钥相关的权限,备份或恢复操作将会失败。
日志输出示例:
[2025-12-12 01:34:22.217] Aborted the task because of a task failure or an overlap with your preferred backup window for RDS automated backup. [2025-12-12 01:34:22.223] Task has been aborted [2025-12-12 01:34:22.230] User: arn:aws:sts::0123456789:assumed-role/<your_role_name>/RDS-SqlServerBackupRestore is not authorized to perform: kms:DescribeKey on resource: arn:aws:kms:ap-northeast-1:0123456789:key/<your_kms_key_id> because no identity-based policy allows the kms:DescribeKey action
要解决此问题,请在与选项组关联的 IAM 策略中添加以下语句。
{ "Version":"2012-10-17", "Statement": [ { "Sid": "AllowAccessToKey", "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:GenerateDataKey", "kms:Encrypt", "kms:Decrypt" ], "Resource": "arn:aws:kms:us-east-1:0123456789:key/key-id" }, { "Sid": "AllowAccessToS3", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::PUT-BUCKET-NAME" }, { "Sid": "GetS3Info", "Effect": "Allow", "Action": [ "s3:GetObjectAttributes", "s3:GetObject", "s3:PutObject", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload" ], "Resource": "arn:aws:s3:::PUT-BUCKET-NAME/*" } ] }
授予配置 IAM 策略或存储桶策略的权限,以进行跨账户备份
当您将数据库备份从一个 AWS 账户恢复到另一个账户时,Amazon RDS 可能会因为权限不足而停止任务。例如,您将备份存储在账户 A 的 S3 存储桶中,并将备份恢复到账户 B 的 Amazon RDS 数据库实例中。
如果这样做,则可能有两种结果:与选项组关联的 IAM 角色策略缺少权限,或者与 S3 存储桶关联的存储桶策略缺少权限。
日志输出示例:
[2022-02-03 15:57:22.180] Aborted the task because of a task failure or a concurrent RESTORE_DB request. [2022-02-03 15:57:22.260] Task has been aborted [2022-02-03 15:57:22.263] Error making request with Error Code Forbidden and Http Status Code Forbidden. No further error information was returned by the service.
要解决此问题,请完成以下步骤:
-
将以下语句添加到与账户 B 中的选项组关联的 IAM 策略中:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::name_of_bucket_present_in_Account_A" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload" ], "Resource": "arn:aws:s3:::name_of_bucket_present_in_Account_A/*" }, { "Action": [ "kms:DescribeKey", "kms:GenerateDataKey", "kms:Decrypt", "kms:Encrypt" "kms:ReEncryptTo", "kms:ReEncryptFrom" ], "Effect": "Allow", "Resource": [ "arn:aws: PUT THE NAME OF THE KEY HERE", "arn:aws:s3:::name_of_bucket_present_in_Account_A/*" ] } ] } -
将以下语句添加到与账户 A 中的 S3 存储桶关联的存储桶策略中:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Permission to cross account", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::AWS-ACCOUNT-ID-OF-RDS:role/service-role/PUT-ROLE-NAME" ] }, "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::PUT-BUCKET-NAME" ] }, { "Sid": "Permission to cross account on object level", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::AWS-ACCOUNT-ID-OF-RDS:role/service-role/PUT-ROLE-NAME" ] }, "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload" ], "Resource": [ "arn:aws:s3:::PUT-BUCKET-NAME/*" ] } ] }
有关更多信息,请参阅使用本机备份和恢复功能导入和导出 SQL Server 数据库和存储桶所有者针对自己未拥有的对象授予跨账户权限。
导入 TDE 证书
如果您恢复了数据库备份,但并未将 TDE 证书导入目标服务器,任务将会停止。例如,您尝试将使用 TDE 的数据库从 EC2 或本地实例恢复到 RDS for SQL Server 数据库实例。
日志输出示例:
[2022-06-15 11:55:22.280] Cannot find server certificate with thumbprint '########'. [2022-06-15 11:55:22.280] RESTORE FILELIST is terminating abnormally. [2022-06-15 11:55:22.300] Aborted the task because of a task failure or a concurrent RESTORE_DB request. [2022-06-15 11:55:22.333] Task has been aborted [2022-06-15 11:55:22.337] Empty restore file list result retrieved.
要解决此问题,请将 TDE 证书导入目标服务器。
要防止出现此问题,请使用以下解决方法之一。
您从本地或 EC2 实例备份数据库,但目标 RDS for SQL Server 位于多个可用区中
完成以下步骤:
-
为已开启 TDE 的 EC2 或本地数据库创建备份。
-
在本地服务器中,将备份恢复为新的数据库。
-
运行以下命令,以关闭新数据库的加密功能:
USE master; GO ALTER DATABASE Databasename SET ENCRYPTION OFF; GO**注意:**请将 Databasename 替换为数据库的名称。
-
运行以下命令,以删除新数据库的数据库加密密钥 (DEK):
USE Databasename; GO DROP DATABASE ENCRYPTION KEY; GO**注意:**请将 Databasename 替换为数据库的名称。
-
执行本机 SQL Server 备份,然后将备份恢复到数据库实例。
您可以从使用 TDE 加密的 RDS for SQL Server 数据库实例备份数据库实例
完成以下步骤:
- 使用 RDS for SQL Server 实例中的数据库快照恢复到新的数据库实例。
**注意:**如果您要更改数据库实例的版本,请参阅 Microsoft SQL Server 注意事项。 - 为新的数据库实例关闭 TDE。
- 执行本机 SQL 备份,然后将备份恢复到数据库实例。
- 为新的数据库实例开启 TDE。
指定正确的 Windows 驱动器号
RDS for SQL Server 可以将数据库恢复到附加存储卷。当您为存储卷指定了错误的 Windows 驱动器号时,恢复操作将会失败。
查询和错误消息示例:
-- Native restore query EXEC msdb.dbo.rds_restore_database @restore_db_name='my_database', @s3_arn_to_restore_from='arn:aws:s3:::<your_bucket_name>/my_database.bak', @data_file_volume='Y:', -- incorrect drive letter. @log_file_volume='Z:'; -- incorrect drive letter. -- Error message Message 50000、Level 16、State 1、Procedure msdb.dbo.rds_restore_database、Line 122 Volume for data files is unavailable. Choose from available volumes.
要解决此问题,请检查 Windows 驱动器号。完成以下步骤:
-
使用 describe-db-instances 命令列出数据库实例上的附加存储卷:
aws rds describe-db-instances \ --db-instance-identifier your-db-instance-id \ --query 'DBInstances[].AdditionalStorageVolumes[].VolumeName' \ --output text**注意:**请将 your-db-instance-id 替换为数据库实例的标识符。
**注意:**如果无法获取卷名,您需要将 AWS CLI 更新到最新版本。有关存储卷的更多信息,请参阅将附加存储卷与 RDS for SQL Server 结合使用的注意事项。
-
修复您的查询,以便为
@data_file_volume和@log_file_volume指定正确的 Windows 驱动器号。
将备份文件的 MAXTRANSFERSIZE 值设置为大于您执行恢复操作时所使用的值
当备份包含 FILESTREAM 或内存 OLTP 文件组,并且您在恢复期间使用了错误的 MAXTRANSFERSIZE 时,便会出现 MAXTRANSFERSIZE 错误。
**注意:**RDS for SQL Server 不支持 FILESTREAM 功能。
如果您明确指定了 MAXTRANSFERSIZE,可能会遇到以下错误: "RESTORE requires MAXTRANSFERSIZE=<required_size> but <your_specified_size> was specified."
查询和日志输出示例:
-- query EXEC msdb.dbo.rds_restore_database @restore_db_name='my_database', @s3_arn_to_restore_from='arn:aws:s3:::<your_bucket_name>/my_database.bak', @max_transfer_size=65536 -- specified MAXTRANSFERSIZE explicitly -- error message [2025-12-11 07:26:22.320] Task execution has started. [2025-12-11 07:26:22.520] RESTORE requires MAXTRANSFERSIZE=4194304 but 65536 was specified. RESTORE DATABASE is terminating abnormally.
要解决此问题,请勿指定 MAXTRANSFERSIZE:
EXEC msdb.dbo.rds_restore_database @restore_db_name='my_database', @s3_arn_to_restore_from='arn:aws:s3:::<your_bucket_name>/my_database.bak'
或者,指定一个等于或大于错误消息中所指示大小的值:
EXEC msdb.dbo.rds_restore_database @restore_db_name='my_database', @s3_arn_to_restore_from='arn:aws:s3:::<your_bucket_name>/my_database.bak', @max_transfer_size=4194304
减小备份文件大小,以便将文件传输到 Amazon S3
当您移动的对象大于 Amazon S3 分段上传操作的最大对象大小时,就会出现此问题。Amazon S3 会将较大的对象分成多个部分,所分的部分数超过每次上传的最大部分数。
日志输出示例:
[2022-04-21 16:45:04.597] reviews_consumer/reviews_consumer_PostUpdate_042122.bak: Completed processing 100% of S3 chunks. [2022-04-21 16:47:05.427] Write on "####" failed: 995(The I/O operation has been aborted because of either a thread exit or an application request.) A nonrecoverable I/O error occurred on file "XXXX:" 995(The I/O operation has been aborted because of either a thread exit or an application request.). BACKUP DATABASE is terminating abnormally. [2022-04-21 16:47:22.033] Unable to write chunks to S3 as S3 processing has been aborted. [2022-04-21 16:47:22.040] reviews_consumer/reviews_consumer_PostUpdate_042122.bak: Aborting S3 upload, waiting for S3 workers to clean up and exit [2022-04-21 16:47:22.053] Aborted the task because of a task failure or an overlap with your preferred backup window for RDS automated backup. [2022-04-21 16:47:22.060] reviews_consumer/reviews_consumer_PostUpdate_042122.bak: Aborting S3 upload, waiting for S3 workers to clean up and exit [2022-04-21 16:47:22.067] S3 write stream upload failed. Encountered an error while uploading an S3 chunk: Part number must be an integer between 1 and 10000, inclusive S3 write stream upload failed. Encountered an error while uploading an S3 chunk: Part number must be an integer between 1 and 10000, inclusive S3 write stream upload failed. Encountered an error while uploading an S3 chunk: Part number must be an integer between 1 and 10000, inclusive S3 write stream upload failed. Encountered an error while uploading an S3 chunk: Part number must be an integer between 1 and 10000, inclusive
要解决此问题,请开启数据库备份压缩功能来减小备份大小,这样 Amazon S3 就可以接收文件了。
要开启备份压缩功能,请运行以下命令:
exec rdsadmin..rds_set_configuration 'S3 backup compression', 'true';
- 语言
- 中文 (简体)
